076 The Problem of IT Mythology and Mystique - Bringing IT Audit Down to Earth -- by Dr James A Robertson PrEng

1

The Problem of IT Mythology and Mystique - Bringing IT Audit Down to Earth

www.JamesARobertson.com

Dr James Robertson PrEng

2nd Annual IT Audit Challenge Forum 20081st to 3rd December 2008

2

An industry characterized by failure

“19 out of 20 E.R.P. Implementations do

NOT deliver what was promised”

Duncan McLeod

3

Extreme failures

Seven years and half a billion dollars -- international chemicals company

$400 million -- multinational shoe corporation

Multinational entertainment giant -- $878 million

Major supermarket chain -- $195 million

1.

2.

3.

4.

4

"I.T. is the next corporate disaster waiting to happen”

Pending disaster

5

Pending epidemic

6

Is I.T. Audit delivering?

There is a need for a new approach

7

8Engineer against failure

9

Engineers do not design bridges to stand up, they design them

not to fall down...

10

What is NOT an engineering approach?

11

Software as magic

12

The content is the same -- always -- binary code

13

Positioning this presentationInformation technology can and should add value

14

What is strategy?

15

Strategy

Doing the right things

Professor Malcolm McDonald

16

Tactics

Doing things right


17

The relationship between strategy and tactics

Strategy -- doing the right things


Tac

tics

--

thin

gs

rig

ht

Thrive

18



Survive


Tac

tics

--

thin

gs

rig

ht

19



Die


Tac

tics

--

thin

gs

rig

ht

20



Die slowly

Die fast


Tac

tics

--

thin

gs

rig

ht

21



SurviveDie slowly

Die fast

Thrive


Tac

tics

--

thin

gs

rig

ht

22

23

Information technology mythology (30%)

Lack of executive custody and inappropriate policies (20%)

Lack of strategic alignment (15%)

Lack of an engineering approach (12%)

Poor data engineering (10%)

People / soft issues (8%)

Technology issues (5%)

1.

2.

3.

4.

5.

6.

7.

Critical factors to manage to prevent failure

65%

Remember that technology is value inert

24

25

Executive Custody (25%)

Strategic Solution Architecture (18%)

Strategic Alignment (16%)

Business Integration and Optimization (14%)

Programme Schedule, Budget and Resource Management (12%)

Data Engineering (10%)

Technology Components (5%)

1.

2.

3.

4.

5.

6.

7.

Critical factors for success

59%

Thrive

R e c a

p

26

What is IT -- Really?

27

Back to basics

28

Advanced technology is not necessarily the answer

Over 30 years old and four years older

Still flying and only in a museum

Lo tech and hi tech

29

Clean up your data

30

Organize your data

31

From chaos to order

32

Why do we need IT security and audits?

Occasional crime and fraud

Set basic standards

Basic disciplines

... ?

1.

2.

3.

4.

No big deal?

33

Are we using a sledge hammer to crack a nut?

34

Potential murder weaponThree signaturesPassword changed dailyOnly used under supervision of a senior manager

))))

Or Utility tool that most people own with no control

Is the hammer bogged down in red tape?

35

What is really needed?

Some practical policies

One page, no more than 7 to 10 points

Easily understood by all staff who use computers

Non-intrusive

Does NOT interfere with the business of the business

Non-I.T. non-audit people can understand the relevance and adopt as their own

I.T. is ALL about people!

1.

2.

3.

4.

5.

6.

7.

36

Retain your OS and Office Suite and use the same machinesfor 6 years+

37

E.R.P. -- Invest for 20 years

38

Sustainable I.T. and E.R.P. support

39

Give people the tools

40

“the customer is NOT an interruption of your day the customer is the reason for your day”

Train I.T. staff to delight customers

41

“boots in the mud”

Make your I.T. staff an integral part of your business

42

Identify your core strategic drivers and then strengthen them

43

Align I.T. to support the core business

44

Business systems instead of I.T.

45

Executive custody -- OUR system

Leadership is 50% of success

46

Bringing IT Audit Down to Earth

I.T. operations are primarily an engineering and customer service function

Define and audit engineering standards

Define and audit customer service standards

Be practical -- enduring secret passwords with discipline -- do NOT change the lock every month

Short, practical, doable documents that people understand

Basic pragmatic measures, there are NO magicians out there

Educate users and executives and avoid mythology and jargon

1.

2.

3.

4.

5.

6.

7.

47

What is your single most important insight from this presentation?

What is the single most practical action that you can take tomorrow to apply I.T. more effectively?

1.

2.

Call to action

New insight that does not result in action within 48 hours is wasted

48

Acknowledgement and dedication

Clients, associates and staff

Father and mother Angus and Thelma

Children Alexandra and Struan

Fiona, Ingrid, Sandra and Helene

To the glory of the Eternal Creator

Psalm 136:5 "To Him who by wisdom made the heavens, for His mercy endures forever;"

49

[email protected]

Finding the missing pieces of your I.T. and strategy puzzles